Summary
| Detail | |||
|---|---|---|---|
| Vendor | Munin-Monitoring | First view | 2012-08-26 |
| Product | Munin | Last view | 2017-02-22 |
| Version | 2.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:munin-monitoring:munin | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2017-02-22 | CVE-2017-6188 | Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. |
| 4.3 | 2013-12-13 | CVE-2013-6359 | Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. |
| 5 | 2013-12-13 | CVE-2013-6048 | The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data. |
| 9.3 | 2012-11-21 | CVE-2012-3513 | munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command. |
| 7.2 | 2012-11-21 | CVE-2012-3512 | Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. |
| 6.8 | 2012-08-26 | CVE-2012-2104 | cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (4) | CWE-20 | Improper Input Validation |
| 33% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-11-06 | Name : Ubuntu Update for munin USN-1622-1 File : nvt/gb_ubuntu_USN_1622_1.nasl |
| 2012-09-27 | Name : Fedora Update for munin FEDORA-2012-13649 File : nvt/gb_fedora_2012_13649_munin_fc16.nasl |
| 2012-09-27 | Name : Fedora Update for munin FEDORA-2012-13683 File : nvt/gb_fedora_2012_13683_munin_fc17.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-10-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201710-05.nasl - Type: ACT_GATHER_INFO |
| 2017-04-21 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-818.nasl - Type: ACT_GATHER_INFO |
| 2017-03-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-3776c9d747.nasl - Type: ACT_GATHER_INFO |
| 2017-03-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-25df1dbd02.nasl - Type: ACT_GATHER_INFO |
| 2017-03-07 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-310.nasl - Type: ACT_GATHER_INFO |
| 2017-03-03 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3215-1.nasl - Type: ACT_GATHER_INFO |
| 2017-02-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3794.nasl - Type: ACT_GATHER_INFO |
| 2015-03-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-20.nasl - Type: ACT_GATHER_INFO |
| 2014-10-12 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2014-348.nasl - Type: ACT_GATHER_INFO |
| 2014-05-19 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201405-17.nasl - Type: ACT_GATHER_INFO |
| 2014-04-07 | Name: The remote Fedora host is missing a security update. File: fedora_2014-4542.nasl - Type: ACT_GATHER_INFO |
| 2014-04-07 | Name: The remote Fedora host is missing a security update. File: fedora_2014-4462.nasl - Type: ACT_GATHER_INFO |
| 2014-02-05 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2014-275.nasl - Type: ACT_GATHER_INFO |
| 2014-01-28 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2090-1.nasl - Type: ACT_GATHER_INFO |
| 2013-12-23 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2013-297.nasl - Type: ACT_GATHER_INFO |
| 2013-12-17 | Name: The remote Fedora host is missing a security update. File: fedora_2013-23016.nasl - Type: ACT_GATHER_INFO |
| 2013-12-17 | Name: The remote Fedora host is missing a security update. File: fedora_2013-22993.nasl - Type: ACT_GATHER_INFO |
| 2013-12-16 | Name: The remote Fedora host is missing a security update. File: fedora_2013-22968.nasl - Type: ACT_GATHER_INFO |
| 2013-12-10 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2815.nasl - Type: ACT_GATHER_INFO |
| 2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-130.nasl - Type: ACT_GATHER_INFO |
| 2013-04-20 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2013-105.nasl - Type: ACT_GATHER_INFO |
| 2012-11-06 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1622-1.nasl - Type: ACT_GATHER_INFO |
| 2012-09-27 | Name: The remote Fedora host is missing a security update. File: fedora_2012-13683.nasl - Type: ACT_GATHER_INFO |
| 2012-09-27 | Name: The remote Fedora host is missing a security update. File: fedora_2012-13649.nasl - Type: ACT_GATHER_INFO |
| 2012-09-18 | Name: The remote Fedora host is missing a security update. File: fedora_2012-13110.nasl - Type: ACT_GATHER_INFO |
